Unrated severityNVD Advisory· Published Jul 3, 2015· Updated May 6, 2026

CVE-2015-3685

Description

CoreText in Apple iOS before 8.4 and OS X before 10.10.4 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted text file, a different vulnerability than CVE-2015-3686, CVE-2015-3687, CVE-2015-3688, and CVE-2015-3689.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

CoreText in Apple iOS and OS X contains a memory corruption vulnerability triggered by a crafted text file, leading to arbitrary code execution or denial of service.

Vulnerability

CoreText in Apple iOS before 8.4 and OS X before 10.10.4 contains a memory corruption vulnerability that can be triggered by processing a crafted text file. This issue is fixed in iOS 8.4 and OS X Yosemite v10.10.4 [1][2].

Exploitation

An attacker can exploit this vulnerability by delivering a malicious text file to a user and convincing them to open it. No additional privileges are required; the text file is processed by CoreText when displayed or parsed.

Impact

Successful exploitation could allow an attacker to execute arbitrary code in the context of the affected application or cause a denial of service due to memory corruption.

Mitigation

Apple has addressed this vulnerability in iOS 8.4 and OS X Yosemite v10.10.4. Users should update their devices to the latest versions. No workarounds are available.

References

AI Insight generated on May 23, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.

Affected products

Apple Inc./Iphone Os
cpe:2.3:o:apple:iphone_os:*:*:*:*:*:*:*:*
Range: <=8.3
Apple Inc./Mac Os X
cpe:2.3:o:apple:mac_os_x:*:*:*:*:*:*:*:*
Range: <=10.10.3
Apple Inc./iOSllm-fuzzy
Range: <8.4
Apple Inc./OS Xllm-fuzzy
Range: <10.10.4

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

lists.apple.com/archives/security-announce/2015/Jun/msg00001.htmlnvdPatchVendor Advisory
lists.apple.com/archives/security-announce/2015/Jun/msg00002.htmlnvdPatchVendor Advisory
support.apple.com/kb/HT204941nvdVendor Advisory
support.apple.com/kb/HT204942nvdVendor Advisory
www.securityfocus.com/bid/75491nvd
www.securitytracker.com/id/1032760nvd

News mentions

No linked articles in our index yet.

cvss	0.000
epss	0.002
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000